ID

VAR-201905-1171


CVE

CVE-2019-0089


TITLE

Multiple vulnerabilities in Intel products

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) SPS contains a data processing vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Server Platform Services is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. A code issue vulnerability exists in subsystems in Intel SPS. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. The following products and versions are affected: Intel SPS versions prior to SPS_E5_04.00.04.381.0, versions prior to SPS_E3_04.01.04.054.0, versions prior to SPS_SoC-A_04.00.04.181.0, and versions prior to SPS_SoC-X_04.00.04.086.0.

Trust: 2.07

sources: NVD: CVE-2019-0089 // JVNDB: JVNDB-2019-004745 // BID: 108826 // VULHUB: VHN-140120 // VULMON: CVE-2019-0089

AFFECTED PRODUCTS

vendor: intel, model: server platform services, scope: lt, version: sps_soc-a_04.00.04.181.0

Trust: 1.0

vendor: intel, model: server platform services, scope: lt, version: sps_e3_04.01.04.054.0

Trust: 1.0

vendor: intel, model: server platform services, scope: lt, version: sps_soc-x_04.00.04.086.0

Trust: 1.0

vendor: intel, model: server platform services, scope: lt, version: sps_e5_04.00.04.381.0

Trust: 1.0

vendor: intel, model: acu wizard, scope: -, version: -

Trust: 0.8

vendor: intel, model: active management technology, scope: -, version: -

Trust: 0.8

vendor: intel, model: converged security management engine, scope: -, version: -

Trust: 0.8

vendor: intel, model: driver and support assistant, scope: -, version: -

Trust: 0.8

vendor: intel, model: dynamic application loader, scope: -, version: -

Trust: 0.8

vendor: intel, model: i915, scope: -, version: -

Trust: 0.8

vendor: intel, model: nuc board nuc7i7dnbe, scope: -, version: -

Trust: 0.8

vendor: intel, model: nuc kit nuc7i5dnhe, scope: -, version: -

Trust: 0.8

vendor: intel, model: nuc kit nuc7i7dnhe, scope: -, version: -

Trust: 0.8

vendor: intel, model: nuc kit nuc7i7dnke, scope: -, version: -

Trust: 0.8

vendor: intel, model: nuc kit nuc8i7hnk, scope: -, version: -

Trust: 0.8

vendor: intel, model: nuc kit nuc8i7hvk, scope: -, version: -

Trust: 0.8

vendor: intel, model: proset/wireless software driver, scope: -, version: -

Trust: 0.8

vendor: intel, model: quartus ii programmer and tools, scope: -, version: -

Trust: 0.8

vendor: intel, model: server platform services, scope: -, version: -

Trust: 0.8

vendor: intel, model: trusted execution engine, scope: -, version: -

Trust: 0.8

vendor: intel, model: intel, scope: -, version: -

Trust: 0.8

vendor: intel, model: quartus prime, scope: -, version: -

Trust: 0.8

vendor: intel, model: scs discovery utility, scope: -, version: -

Trust: 0.8

vendor: intel, model: unite client, scope: -, version: -

Trust: 0.8

vendor: intel, model: graphics driver, scope: -, version: -

Trust: 0.8

vendor: intel, model: server platform services, scope: eq, version: sps_e3_04.01.04.054.0

Trust: 0.8

vendor: intel, model: server platform services, scope: eq, version: sps_e5_04.00.04.381.0

Trust: 0.8

vendor: intel, model: server platform services, scope: eq, version: sps_soc-a_04.00.04.181.0

Trust: 0.8

vendor: intel, model: server platform services, scope: eq, version: sps_soc-x_04.00.04.086.0

Trust: 0.8

vendor: intel, model: server platform services, scope: eq, version: 0

Trust: 0.3

vendor: f5, model: traffix sdc, scope: eq, version: 5.1

Trust: 0.3

vendor: f5, model: traffix sdc, scope: eq, version: 5.0

Trust: 0.3

vendor: intel, model: server platform services sps soc-x 04.00.04.0, scope: ne, version: -

Trust: 0.3

vendor: intel, model: server platform services sps soc-a 04.00.04.1, scope: ne, version: -

Trust: 0.3

vendor: intel, model: server platform services sps e5 04.00.04.381., scope: ne, version: -

Trust: 0.3

vendor: intel, model: server platform services sps e3 04.01.04.054., scope: ne, version: -

sources: BID: 108826 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004745 // NVD: CVE-2019-0089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0089
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0089
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-740
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140120
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-0089
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0089
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-140120
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0089
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140120 // VULMON: CVE-2019-0089 // JVNDB: JVNDB-2019-004745 // CNNVD: CNNVD-201905-740 // NVD: CVE-2019-0089

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.9

sources: VULHUB: VHN-140120 // JVNDB: JVNDB-2019-004745 // NVD: CVE-2019-0089

THREAT TYPE

local

Trust: 0.9

sources: BID: 108826 // CNNVD: CNNVD-201905-740

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-740

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003441

PATCH

title: INTEL-SA-00213 - Intel(R) CSME, Intel(R) SPS, Intel(R) TXE, Intel(R) DAL, and Intel(R) AMT 2019.1 QSR Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

Trust: 1.6

title: INTEL-SA-00234 - Intel(R) SCS Discovery Utility and Intel(R) ACU Wizard Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html

Trust: 0.8

title: INTEL-SA-00244 - Intel(R) Quartus(R) Software Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html

Trust: 0.8

title: INTEL-SA-00245 - Intel Unite(R) Client for Android* Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html

Trust: 0.8

title: INTEL-SA-00204 - Intel Intel(R) PROSet/Wireless WiFi Software Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html

Trust: 0.8

title: INTEL-SA-00249 - Intel(R) i915 Graphics for Linux Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html

Trust: 0.8

title: INTEL-SA-00251 - Intel(R) NUC Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html

Trust: 0.8

title: INTEL-SA-00218 - Intel(R) Graphics Driver for Windows* 2019.1 QSR Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html

Trust: 0.8

title: INTEL-SA-00252 - Intel(R) Driver & Support Assistant Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html

Trust: 0.8

title: INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html

Trust: 0.8

title: INTEL-SA-00228 - Intel Unite(R) Client Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html

Trust: 0.8

title: INTEL-SA-00233 - Microarchitectural Data Sampling Advisory
url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html

Trust: 0.8

title: HP: HPSBHF03616 rev. 1 - Intel CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03616

Trust: 0.1

title: HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=fd8d8d147c2dc58a9552ea19a80369fe

Trust: 0.1

title: HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates
url: https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=36bdf366c0b633d1ee0c20eab22574bc

Trust: 0.1

title: Threatpost
url: https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/

Trust: 0.1

sources: VULMON: CVE-2019-0089 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004745

EXTERNAL IDS

db: NVD, id: CVE-2019-0089

Trust: 2.9

db: JVN, id: JVNVU92328381

Trust: 1.6

db: JVNDB, id: JVNDB-2019-003441

Trust: 1.6

db: JVNDB, id: JVNDB-2019-004745

Trust: 0.8

db: CNNVD, id: CNNVD-201905-740

Trust: 0.7

db: AUSCERT, id: ASB-2019.0148.2

Trust: 0.6

db: AUSCERT, id: ESB-2019.2186

Trust: 0.6

db: LENOVO, id: LEN-26293

Trust: 0.6

db: BID, id: 108826

Trust: 0.3

db: CNVD, id: CNVD-2020-18580

Trust: 0.1

db: VULHUB, id: VHN-140120

Trust: 0.1

db: VULMON, id: CVE-2019-0089

Trust: 0.1

sources: VULHUB: VHN-140120 // VULMON: CVE-2019-0089 // BID: 108826 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004745 // CNNVD: CNNVD-201905-740 // NVD: CVE-2019-0089

REFERENCES

url:https://support.f5.com/csp/article/k47234311

Trust: 2.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

Trust: 2.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0089

Trust: 1.4

url:https://jvn.jp/vu/jvnvu92328381/index.html

Trust: 0.8

url:https://mdsattacks.com/files/ridl.pdf

Trust: 0.8

url:https://mdsattacks.com/files/fallout.pdf

Trust: 0.8

url:https://zombieloadattack.com/

Trust: 0.8

url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0089

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92328381/

Trust: 0.8

url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html

Trust: 0.8

url:https://support.lenovo.com/us/zh/solutions/len-26293

Trust: 0.6

url:https://www.auscert.org.au/bulletins/asb-2019.0148.2/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-26293

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2186/

Trust: 0.6

url:http://www.intel.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/19.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/intel-fixes-critical-high-severity-flaws-across-several-products/144940/

Trust: 0.1

url:https://support.hp.com/us-en/document/c06330088

Trust: 0.1

sources: VULHUB: VHN-140120 // VULMON: CVE-2019-0089 // BID: 108826 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004745 // CNNVD: CNNVD-201905-740 // NVD: CVE-2019-0089

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 108826

SOURCES

db: VULHUB, id: VHN-140120
db: VULMON, id: CVE-2019-0089
db: BID, id: 108826
db: JVNDB, id: JVNDB-2019-003441
db: JVNDB, id: JVNDB-2019-004745
db: CNNVD, id: CNNVD-201905-740
db: NVD, id: CVE-2019-0089

LAST UPDATE DATE

2024-11-23T19:41:14.771000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-140120, date: 2019-06-19T00:00:00
db: VULMON, id: CVE-2019-0089, date: 2019-06-19T00:00:00
db: BID, id: 108826, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-003441, date: 2019-05-16T00:00:00
db: JVNDB, id: JVNDB-2019-004745, date: 2019-06-06T00:00:00
db: CNNVD, id: CNNVD-201905-740, date: 2019-09-26T00:00:00
db: NVD, id: CVE-2019-0089, date: 2024-11-21T04:16:12.653

SOURCES RELEASE DATE

db: VULHUB, id: VHN-140120, date: 2019-05-17T00:00:00
db: VULMON, id: CVE-2019-0089, date: 2019-05-17T00:00:00
db: BID, id: 108826, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-003441, date: 2019-05-16T00:00:00
db: JVNDB, id: JVNDB-2019-004745, date: 2019-06-06T00:00:00
db: CNNVD, id: CNNVD-201905-740, date: 2019-05-17T00:00:00
db: NVD, id: CVE-2019-0089, date: 2019-05-17T16:29:00.860